Your effort = the same as if it were 10 rows. Just convert one, and put it in a loop.

Computers effort = effort (time) of converting one row * 1000000

The exact execution time of creating a md5 from plain text is a measurable value. The exact execution time of converting them all is predictable from the first result.

I reckon that your own effort would actually mostly be spend to the other parts of your login system and not this one, like forgotten password and similar. E.g. if the previous system used to send exact password to users, you'll have to replace it with a password reset functionality.

@Pierre: True. Use loop to build up the batch query, then send it off to execute. In any case, it's just a run-once script. As long as it's reasonably fast and you're not paying per resource use (like on Google App Engine) whatever is easiest is the way to go.
–
Goran JovicJun 3 '11 at 11:51

What this essentially does is link the table with the password to itself with an inner join. It uses the aliases (Target and Source) to differentiate between the two copies of the table. Then using the regular Update syntax from sql, the Set statement on lines 7 and 8 causes the password field in the original table to become equal to the MD5 hash of the same password. To make sure that this sql only acts on a per row basis we establish the where statement using the primary key of the table.

P.S. I ran it on some dummy data of 2 columns and ~30,000 rows; Took about ~2 seconds. So on 1,000,000 rows should take about 8 seconds ± 5. (It will probably take only 2 though)
–
MallowJun 3 '11 at 21:37

+1 for the effort, but don't go using MD5 for hashing. SHA256 is currently considered unbroken but is computationally expensive. Not as expensive as losing user accounts, though.
–
Gary RoweJun 3 '11 at 21:54

@Gary Rowe Computationally expensive is a good thing. If it's expensive for you to generate, it's expensive for them to break.
–
George StockerJun 4 '11 at 3:37